Ensuring the Security of Hamilton's Information
by Dave Smallen
(May 23, 2012) The University of Nebraska experienced a breach of the Student Information System, which houses data for current and past students, faculty, staff, applicants and others.
(June 23, 2009) A stolen Cornell University computer has compromised the personal information of thousands of members of the University community. The computer contains the names and social security numbers of current and former students as well as current and former faculty and staff members. The affected people totaled 22,546 current and former students and 22,731 current and former faculty and staff, amounting to 45,277 people in the Cornell community. (http://wvbr.com/news/660)
Almost every week the media report similar incidents at institutions of higher education and in the business community. How do we lower the risk of this happening at Hamilton?
Hamilton has begun a major initiative to upgrade the policies, procedures and practices related to protecting confidential and sensitive information contained in our electronic systems. This initiative will affect all members of the Hamilton community.
In fall of 2011, Pervasive Solutions, of Rochester NY, conducted a security audit of Hamilton’s information environment (and those of other institutions in the NY 6 consortium – Colgate, Skidmore, Union, Hobart and William Smith and St. Lawrence). The final report was shared with Hamilton in February 2012. Over the next two years we will begin implementation of the recommendations contained within that report. This past summer a change was made to the way access was provided to remote desktop from off-campus to improve the security of the connection.
The recommendations fall in four major areas: Policy, Network and Server Infrastructure, Desktop and Mobile Infrastructure and Institutional Awareness. Thus far, task forces have been set up in ITS that will coordinate discussions with campus governance bodies and with the work going on at other NY 6 colleges.
The Committee on Information Technology will review the recommendations and suggested changes to Hamilton’s policies and procedures. In the coming year you can expect changes to Hamilton’s password requirements, encryption of information on institutional laptop computers, and the creation of an annual awareness program for all members of the Hamilton community. In the end, we want to be good custodians of the information we collect from faculty, staff and students.